
BASIC TO ADVANCE WEB HACKING COURSE CONTENT
-------------------------------------------------

Many people take a certified penetration testing or ethical hacking course, but from these courses they learn only the SQL injection attack (very basic). But if a hacker can't find an SQL injection vulnerability in his target, is it then not possible to hack? If it were impossible to hack a web application without SQL injection, there would be no hackers in this world. There are many hacking methods, but people are not getting the real knowledge. Remember, if you want to become a serious hacker, you need to research, find other vulnerabilities and exploit them. Avoid those who wait only for an SQL injection vulnerability and who, if there is no SQLi vulnerability, can't exploit (hack). Web hacking is not a simple thing that people can learn within 1-2 days or from a simple certified penetration testing training. Every hacker has some steps for success and must pass through some stages, but some people do not know all the steps and stages. I hope this course will help you much. This course will cover the complete "Web Hacking".
---------------------------------------------------------------------------------------------------

1. Understanding Web Application Defense:
1.1. Authentication.
1.2. Session Management.
1.3. Access Control.
1.4. Input Handling.
1.5. Error Handling.
1.6. Boundary Validation.
1.7. Security Alerting.
Note: You will learn the web attack methods too.

2. Understanding How Web Applications Work (Technologies):
2.1. HTTP Protocol.
2.2. HTTP Methods.
2.3. Headers.
2.4. Status Codes.
2.5. Cookies.
2.6. Authentication.
2.7. Web Functionality for Server (ASP, PHP).
2.8. Web Functionality for Client Side (HTML, Forms etc.).
2.9. Encoding.

3. Information Gathering or Enumeration:
3.1. Spidering.
3.2. Hidden Content.
3.2.1. Leveraging the Web Server.
3.2.2. Brute Force.
3.2.3. Comments.
3.3. Public Information.
3.4. Hidden Parameters.
3.5. Finding User Input Points.
3.6. Identifying Server-side Technologies.
3.6.1. Fingerprinting.
3.6.2. File Extensions.
3.6.3. Banner Grabbing.
3.6.4. Directory.
3.7. Information Gathering by Search Engine.
3.8. Planning the Attack.

4. Breaking Authentication:
4.1. Basic Idea of Authentication.
4.2. Design Flaws.
4.2.1. Weak Password.
4.2.2. Guessable Password.
4.2.3. Password Change Vulnerability.
4.2.4. Non-Unique Usernames.
4.2.5. Username Prediction.
4.2.5. Verbose Failure Messages.
4.6. Storage of Credentials Vulnerability.
4.7. Brute Force.
4.8. Predictable Usernames.
Note: Some content is secret.

5. Attacking Authorization and Access Control:
5.1. Basic Understanding.
5.2. Vulnerability.
5.2.1. Unprotected Functionality.
5.2.2. Static Files.
5.2.3. Multistage Login.
5.3. Authorization Attack.
5.3.1. Horizontal Privilege Escalation.
5.3.2. Vertical Privilege Escalation.
5.3.3. Arbitrary File Access.

6. Attacking Session:
6.1. Meaningful Tokens.
6.2. Session Prediction.
6.3. Liberal Cookie.
6.3.1. Cookie Domain Restrictions.
6.3.2. Cookie Path.
6.4. Mapping of Tokens to Sessions.
6.5. Predictable Tokens.
6.5.1. Time Dependency.
6.5.2. Random Number.

7. Code Injection Attack (Input):
7.1. Understanding Basics of Input Validation.
7.2. SQL Injection.
7.2.1. Understanding SQL Injection.
7.2.2. Finding SQL Injection Vulnerability.
7.2.3. Login Bypass.
7.2.4. Exploiting Basic SQL Injection Vulnerability.
7.2.5. SQL Syntax and Errors.
7.2.6. Advanced SQL Injection.
7.2.7. Filter Bypassing.
7.2.8. Blind Injection.
7.3. XPath Injection.
7.3.1. Understanding XPath Vulnerability.
7.3.2. Finding XPath Vulnerability.
7.3.3. Exploiting Basic.
7.3.4. Blind XPath Injection.
7.4. Operating System Command Injection.
7.5. File Inclusion.
7.5.1. Basic Understanding of File Inclusion.
7.5.2. Remote File Inclusion.
7.5.3. Local File Inclusion.
7.5.4. Finding File Inclusion Bug and Exploiting.
7.6. Exploiting SMTP Vulnerability.
7.7. Buffer Overflow.
7.8. Script Injection Attack.
7.8.1. Perl.
7.8.2. ASP.
7.8.3. PHP.
7.9. LDAP Injection.
7.10. File Uploading.
And more....

7. Path Traversal:
7.1. What Is It.
7.2. Finding Vulnerability.
7.3. Exploiting Path Traversal.

7. Attacking Client:
7.1. XSS.
7.1.1. Understanding XSS.
7.1.2. Reflected XSS Vulnerability and Exploiting.
7.1.3. Stored XSS Vulnerability and Exploiting.
7.1.4. DOM-Based XSS.
7.1.5. XSS Payload.
7.1.5.1. ------
7.1.5.2. ------
7.1.5.3. ------
7.3. Session Fixation.
7.4. Frame Injection.
7.5. JSON Hacking.
7.6. Local Privacy Attacks.
7.6.1. Persistent Cookies.
7.6.2. Browser History.
7.6.3. Autocomplete.
Note: Some content is secret.

8. Web Hacking Tools and Automated Attack:
8.1. Web Password Cracking.
8.1.1. Hydra, Medusa, Brutus etc.
8.2. Scanning.
8.2.1. Acunetix, Grendel scanner etc.
8.3. Exploiting.
8.4. Fuzzing.
Note: Some content is secret.

9. Web Software Attack:
9.1. Buffer Overflow.
9.1.1. Stack Overflows.
9.1.2. Heap Overflows.
9.1.3. Detecting the Vulnerability.
9.2. Format String Vulnerability.
9.2.1. Finding the Vulnerabilities.

10. Attack Against Application Architecture:
10.1. Attack Against Access Mechanisms.
Note: Other contents are secret.

11. Attack Against Server:
11.1. Configuration.
11.2. Default Thing.
11.3. Dangerous HTTP Methods.
Note: Other contents are secret.

12. Information Disclosure:
12.1. Debug Messages.
12.2. Public Information.
Note: Other contents are secret.

13. Source Code Vulnerability and Exploit:
13.1. Finding XSS source code.
13.2. Finding SQLi.
13.3. Buffer Overflow.
14.4. Finding Information From HTML.
14.5. PHP Vulnerability.
14.6. Finding other vulnerabilities and interesting information.

14. Logic Attack.

15. Other Malicious Attack by the Compromised site:


Note: Secret

16. Planning, Attacking, Finding Other, Exploiting.


Note: Important for at least attack.

17. Covering Mission:
17.1. Uploading Backdoor.
17.2. Log Cleaning.

Conclusion: From this course people learn advanced web hacking. There is no limit to attacks. You will learn many other successful attacks. From this you will learn many secret methods which are not included here, which will be practical exploitation of any vulnerability. I hope you will be an advanced web hacker after completing this course.

Special Offer: You will be provided with a professional tool for free, which costs 3000$-6000$.
